[nsp] tackling a 3640

• Next message: Stephen Balbach: "[nsp] cisco usage stats"
• Previous message: Phillip Vandry: "Re: [nsp] GRE tunnelling interaction with fragmentation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

        I'm going to be tackling a 3640 in the near future. I've
done this once before and was really frustrated, but I'm ready to
try again.

        My questions:

        1) last time I tried this, ios radius support wasn't so hot.
           one issue I hit was that the 3640 wouldn't honor more than
           one assigned route per dialin session. Something like:

        Framed-Address = 192.168.0.1,
        Framed-Netmask = 255.255.255.0,
        Framed-Route = "192.168.32.0 0.0.0.0 1"

           wouldn't work. The second route wouldn't be installed. So
           the question is, can I do this via radius now? Has this
           behaviour been fixed/changed?

        2) Last time I tried this, I wanted to announce routes for
           my dialin users and networks via ospf, but I had a
           tremendously hard time doing it. Despite the fact that
           they were "directly connected networks," I think I had
           to do a lot of extra fiddling and twiddling to force
           the 3640 to broadcast routes for them. What should I
           do this time? Maybe ospf isn't the best thing for this
           situation. Of course, the Livingston pm3's (which the
           3640 will be replacing) does ospf just fine... I'd
           be willing to live with rip-2 for this setup, but the
           majority of the sessions on the 3640 will be long-lived,
           and I'd wager that ospf would incur *much* lower overhead,
           compared to re-broadcasting the whole damn routing table
           every 30 seconds. (vlsm is required for this application.)

        3) Which is rev is the "best" rev to run right now for my
           application? The 3640 will be running pri's for isdn
           dialin service *only*. I see on the ftp server that
           the latest 11.2 rev is 11.2.9P and 11.2.9-XA. Which
           do I want?

        4) Finally, a nit. Every radius implementation I had dealt
           with prior to cisco's will log the assigned ip address
           in the radius accounting 'Start' packet. Except for the
           cisco. Now, we do some fancy-shmancy state tables by
           logging radius info into a sql database, so I'd *really*
           like to have the ip address in the start packet. Has
           this behaviour changed, since I've last dealt with it?

        Any other tips or pointers on setting these beasts up would
be appreciated, as well... Thanks!

• Next message: Stephen Balbach: "[nsp] cisco usage stats"
• Previous message: Phillip Vandry: "Re: [nsp] GRE tunnelling interaction with fragmentation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:14 EDT